Cinder API server disagrees with USE_SSL=True
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| devstack |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
I am using a Ubuntu 14.04 VM to play with devstack. To reproduce the bug:
1. copy the sample local.conf to devstack root dir
2. add USE_SSL=True
3. run stack.sh and you'll encounter this
2016-01-13 19:04:55.008 | + openstack volume type create --property volume_
2016-01-13 19:05:07.059 | SSL exception connecting to https:/
2016-01-13 19:05:07.115 | + exit_trap
Cinder eventlet server does not appear to support SSL at all (i.e. it does not convey the use_ssl param to oslo.service).
https:/
https:/
If I understand the code correct, the only way to enable SSL for Cinder API server would be to run in in Apache mod_wsgi
CINDER_
Unfortunately, setting the above, in conjunction with USE_SSL=True wont' work either because we are checking specifically for c-api, not cinder service, when configuring the SSL options in mod_wsgi.
https:/
We don't seem to distinguish c-api and c-volume for enabling SSL for Cinder as a whole. So we have two choices,
1. continue on the current path and treat Cinder as a whole when deciding on whether to enable SSL. In other words, if USE_SSL is set to True for Cinder, both c-api and c-volume will get SSL
2. treat c-api and c-volume as separate services, just like how Swift is doing it
| OpenStack Infra (hudson-openstack) wrote Fix proposed to devstack (master) | #1 |
| Changed in devstack: | |
| assignee: | nobody → Guang Yee (guang-yee) |
| status: | New → In Progress |
| OpenStack Infra (hudson-openstack) wrote Change abandoned on devstack (master) | #2 |
| Sean Dague (sdague) wrote | #3 |
| Changed in devstack: | |
| assignee: | Guang Yee (guang-yee) → nobody |
| status: | In Progress → New |
| Sean Dague (sdague) wrote | #4 |
| Changed in devstack: | |
| status: | New → Won't Fix |
Fix proposed to branch: master
Review: https:/